A round-up of Internet-related stories in the IEEE Computer Society and trade press.

Java

Dr. Dobb's Journal

www.ddj.com

August 2007

"Java Message Service," by Eric J. Bruno

As distributed computing continues to grow, choosing the right software design to help geographically separated computers communicate more effectively becomes even more important. Although SOAP has made significant strides in this area, Bruno argues that message-oriented middleware, such as Java Message Service (JMS; http://java.sun.com/products/jms), is the better choice for reliability, performance, and security. JMS is a specification that outlines the behavior and properties of an "information pipe" for Java software. It also describes how Java client applications interact with the pipe.

Messaging systems loosely couple messages, senders, and receivers, so changes to one part of the system won't affect the whole, making for more robust software. Every messaging system includes a broker that delivers messages and mediates among the system's parts.
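The loose coupling described above can be sketched in a few lines. This is a hypothetical in-memory broker, not the JMS API itself; the `Broker` class and its `subscribe`/`publish` methods are illustrative names chosen for this example.

```python
from collections import defaultdict

class Broker:
    """A hypothetical in-memory broker: senders and receivers
    know only a topic name, never each other."""
    def __init__(self):
        self._subscribers = defaultdict(list)

    def subscribe(self, topic, callback):
        # Register a receiver's callback for a topic.
        self._subscribers[topic].append(callback)

    def publish(self, topic, message):
        # Deliver the message to every receiver of the topic.
        for callback in self._subscribers[topic]:
            callback(message)

# Usage: two decoupled components communicate only via the broker.
broker = Broker()
received = []
broker.subscribe("orders", received.append)
broker.publish("orders", {"id": 1, "item": "widget"})
print(received)  # [{'id': 1, 'item': 'widget'}]
```

Because the sender never names the receiver, either side can be replaced without touching the other, which is the robustness the broker buys.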

The final 802.11n wireless standard isn't due for release until the end of 2008, but many enterprise IT professionals are already feeling pressured to make the switch. Molta says it's "fashionable" to believe a day will come when Wi-Fi, or some other technology, will be the preferred basis of enterprise network access, but 802.11n's drawbacks outweigh its possible benefits. Those drawbacks include difficulties with availability, scalability, and security, as well as higher costs than wired options.

Molta says not to be fooled by the enterprise Wi-Fi market's recent growth, most of which has come from higher education, where wireless local area networks (WLANs) are chosen to attract students rather than increase productivity.

Although the base technology for 802.11n is solid, and the Wi-Fi Alliance has certified products based on the draft standard, Molta predicts it will be at least two years before half of enterprise devices are 802.11n-enabled.

Snif Labs — Snif is short for Social Networking in Fur — has started distributing devices for dog collars that swap identification codes with other Snif devices that come within range. Owners can then use Snif's service to exchange information about their dogs or themselves. The startup from MIT's Media Lab also lets owners monitor pets at home via the Internet.

Internet & Society

Technology Review

www.technologyreview.com

July/August 2007

"Building an Immersive Web," by Colin J. Parris

Second Life's early success seems to indicate that graphically rich, 3D online environments have the power to revolutionize the way we interact with one another and with computers. Parris says the key is to engage two fundamental human characteristics: our social and visual tendencies. However, he argues, the technological and business arenas must begin to collaborate now if these kinds of platforms are to offer other feasible uses to consumers and businesses. Parris outlines three issues that must be tackled immediately to achieve that goal: creating open standards to join various virtual worlds, creating dependable ways to manage identity and trust issues, and incorporating business applications and data into virtual worlds.

Programming & Development

Dr. Dobb's Journal

July 2007

"A Fast Q&A System," by Manu Konchady

Anyone who has used a typical search engine knows that you can't ask it a question and get a straight answer. Instead, you look for keywords and cull the answer from a list of possibly relevant links.

Konchady asserts that most question-answer (Q&A) systems address these drawbacks. He explains the basics of designing and implementing Q&A systems, starting with the first step in the processing pipeline: categorizing questions, which determines whether the expected answer is a person, place, animal, organization, and so on. He also explains how to extract entities, typically nouns that stand for a person, organization, or place. Konchady then outlines query transformation, the generation of a query from a question and possibly the process's most important step, before describing how to run your own experimental Q&A system.
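The pipeline's first step, question categorization, is often done with simple pattern matching on the question's leading words. The following is a minimal sketch of that idea, not Konchady's actual implementation; the pattern table and the `categorize` function are assumptions made for illustration.

```python
import re

# Hypothetical pattern table: map a question's leading words
# to the type of answer the system should look for.
PATTERNS = [
    (r"^who\b", "person"),
    (r"^where\b", "place"),
    (r"^when\b", "time"),
    (r"^how (many|much)\b", "quantity"),
    (r"^what organization\b", "organization"),
]

def categorize(question):
    """Return the expected answer type for a question."""
    q = question.lower().strip()
    for pattern, answer_type in PATTERNS:
        if re.search(pattern, q):
            return answer_type
    return "other"

print(categorize("Who founded PARC?"))          # person
print(categorize("Where is MIT's Media Lab?"))  # place
```

Knowing the answer type up front lets the later stages restrict entity extraction and query transformation to candidates of the right kind.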

Security

PC Magazine

7 Aug. 2007

"Closing the Loopholes on Data Theft," by Cyrus Farivar

According to the Privacy Rights Clearinghouse, more than 100 million electronic records containing personal information were compromised in 2005–2006. That doesn't include the 45 million credit- and debit-card numbers reported stolen from Marshalls' and T.J. Maxx's parent company in January 2007. The statistics have spurred some US lawmakers to urge new federal laws to protect consumers.

Three federal bills to address this are beginning to wind their way through the US Senate, including the Personal Data Privacy and Security Act of 2007, which would force companies and governments to notify consumers, law enforcement, and credit-reporting agencies if a breach could be a "significant" risk to consumers.

Networking

PC Magazine

www.pcmag.com

17 July 2007

"Extreme Peer-to-Peer," by Jamie Bsales and Cade Metz

The Palo Alto Research Center (PARC) is in the midst of developing a project — Content Centric Networking (CCN) — that uses peer-to-peer concepts it hopes will revolutionize the way PC networking is viewed.

Unlike traditional PC networks, CCN centers on the data instead of the server. As a result, PCs don't ask specific servers for data, which can mean bypassing much closer machines that hold the same data. Instead, a request for data goes out to all the machines on a network; any machine that has the data sends it.

"You can authenticate and validate information using the information itself — independent of whom you got it from," says PARC's Van Jacobson. "So if you want The New York Times, you can pick it up from any machine that has a copy."
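The two ideas in Jacobson's quote, naming the data rather than a server and validating a copy by the content itself, can be sketched together. This is a toy illustration under assumed names (`peers`, `fetch`), not PARC's CCN protocol; it uses a SHA-256 digest as the stand-in for content-based authentication.

```python
import hashlib

# Hypothetical peers, each holding some named content.
peers = [
    {"nytimes/front-page": b"Top stories ..."},
    {},  # a peer that doesn't have the content
]

def fetch(name, expected_digest):
    """Ask every reachable machine for content by name; accept a
    reply only if its hash matches, regardless of which peer sent it."""
    for store in peers:
        data = store.get(name)
        if data is not None and hashlib.sha256(data).hexdigest() == expected_digest:
            return data  # any peer with a valid copy will do
    return None

digest = hashlib.sha256(b"Top stories ...").hexdigest()
print(fetch("nytimes/front-page", digest))  # b'Top stories ...'
```

Because validity comes from the data, not the source, the nearest machine with a copy is as trustworthy as the origin server.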

Jacobson hopes to introduce CCN on top of the networks used today, similar to how BitTorrent, the peer-to-peer file distribution tool, was rolled out across the existing Internet.

Web Services

Dr. Dobb's Journal

July 2007

"SOA, Web Services, and RESTful Systems," by Eric J. Bruno

Web services improve on client-server systems largely because they avoid platform constraints while remaining standardized and scalable.

But representational state transfer (REST) is a service-oriented architecture (SOA) that's even less restrictive than Web services, Bruno says. As outlined by Roy Fielding in his doctoral dissertation, REST's only requirement is that it be based on HTTP.

Bruno, who has built several RESTful services, also describes the basics of building a SOA-based RESTful system and describes a REST service framework he built to avoid writing duplicate code for each service he needs.
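A RESTful service in the sense Bruno describes needs little more than HTTP itself: each resource is named by a URI, and the verb selects the operation. The following framework-free dispatcher is a sketch of that idea, not Bruno's framework; the `items` resource and `handle` function are names invented for this example.

```python
# Hypothetical in-memory resource store for an "items" collection.
items = {"1": "first item"}

def handle(method, path, body=None):
    """Route an HTTP-style request: the URI names the resource,
    the verb (GET/PUT/DELETE) names the operation."""
    resource, _, item_id = path.lstrip("/").partition("/")
    if resource != "items":
        return 404, "not found"
    if method == "GET" and item_id in items:
        return 200, items[item_id]
    if method == "PUT":
        items[item_id] = body  # create or replace the resource
        return 200, "stored"
    if method == "DELETE" and item_id in items:
        del items[item_id]
        return 200, "deleted"
    return 404, "not found"

print(handle("GET", "/items/1"))                 # (200, 'first item')
print(handle("PUT", "/items/2", "second item"))  # (200, 'stored')
print(handle("GET", "/items/2"))                 # (200, 'second item')
```

A shared dispatcher like this is one way to avoid duplicating routing code across services, which is the problem Bruno's framework addresses.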

Alison Skratt is a freelance writer based in Connecticut.

Elsewhere in the IEEE Computer Society

Computer

www.computer.org/computer/

July 2007

"Google Surveys Web for Malware," by Linda Dailey Paulson

A recent survey conducted by Google's Anti-Malware Team found malware on 450,000 Web pages that could infect vulnerable computers visiting the pages in question.

As part of an ongoing study of suspicious sites, Google also identified factors on 4.5 million pages indicating those pages had the capability to push malware to unsuspecting visitors. The malicious code had various purposes: some could hijack computers to remotely attack other machines, whereas other code performed less harmful tasks, such as altering bookmarks, installing toolbars, or changing home pages.

Ed Skoudis, founder of Intelguardians, an information-security research and consulting company, says Google's findings were higher than most experts expected. Most hackers apparently installed the malware after breaking through Web server security, exploiting unpatched vulnerabilities, or stealing server-management passwords.

"Intel Adds Distance to Wi-Fi," by Linda Dailey Paulson

Intel Research has a new, low-cost Wi-Fi system that it says can extend wireless technology's range from the typical 100 meters found in hotspots to 100 kilometers without losing bandwidth.

Unlike the standard Wi-Fi antenna, which sends out power in all directions and thereby limits its range, Intel's new antenna directs all signals toward another antenna in a single direction. The new antenna also assigns each user a time slot rather than letting multiple nodes transmit on a single channel simultaneously.

Intel's new system works with IEEE 802.11a, b, and g standards. It would also work with non-Intel systems if they added Intel software. The systems use a 2.4-GHz transmission frequency that governments usually don't regulate. WiMax, another long-distance wireless system, uses 3.5-GHz frequency, which is regulated.

Intel says its new system is in use in Guinea-Bissau, India, the Philippines, and Venezuela. A prototype backbone system is also in development in Ghana, and a trial is under way in Uganda. The system would not only be useful in remote, developing parts of the world but also in "lightly populated" rural parts of the developed world where costs prohibit building wired infrastructure.

As the public debate continues about whether the Semantic Web is helping the Internet, a related discussion is taking place about the future of software engineering. Could Semantic Web technologies be the key to the next model of software development?

David Hyland-Wood, entrepreneur-in-residence in the University of Maryland's Semantic Research Group, suggests that software developers should think of the Web in two parts to truly understand its promise: the part the user sees and the abstract infrastructure, which is perfectly suited to Semantic Web technologies.

Philip Tetlow, IBM senior information technology architect, argues that an important promise of Semantic Web technologies is that they use the same computational theory as older methods. "The real bonus for me is essentially lowering the barrier around formal definition in software," Tetlow says.

IEEE Distributed Systems Online

http://dsonline.computer.org

August 2007

"The Politics of DDoS Attacks," by Greg Goth

For several weeks starting in early May 2007, most of the Baltic nation of Estonia suffered crippling distributed-denial-of-service (DDoS) attacks. Neither the size of the event nor its methods were unprecedented, but other unusual elements surrounding it brought new attention to the area of cyberterrorism, as well as promises to improve cross-border cooperation to prevent a recurrence.

Initially, news reports hinted that the attacks were linked to an ongoing feud between Russia and Estonia, with the Estonian government claiming to have traced one of the computers involved to an IP address in one of Russian President Vladimir Putin's offices. Although no one has produced evidence implicating the Russian government, the matter illustrated how someone with basic network knowledge and politically motivated intentions could cause widespread chaos.

And because Estonian operators had no supporting organizational structure connecting them with their counterparts in other nations, "there wasn't much somebody in Estonia could do but hold on for the ride," says Marty Lindner, senior member of the Computer Emergency Response Team Coordination Center at Carnegie Mellon University's Software Engineering Institute.

Many spam filters sort email using "black and white" lists, which classify senders or servers as sources of suspected spam (black) or of probably legitimate messages (white). Although these filters are efficient, spammers can easily spoof them. The most popular alternative to black and white lists is analyzing email content for keywords, but this method is also flawed because it's difficult to generate reliable keyword lists and constantly update them.

Kim, Chung, and Choi propose a URL-based spam filter that sorts email according to the probability that URLs in it have been in legitimate or spam email in the past, freeing the clients from tedious list updating. Their filter analyzes URL statistics dynamically, using email client reports or an automatic reporting mechanism they created.

Like the SpamCop filter, the filter created by Kim and his coauthors uses the naive Bayesian algorithm to classify email, but it differs in several ways. Most important, it updates its frequency table based on client reports or an automatic reporting mechanism, thereby reflecting the statistics of email that has actually been classified instead of a training set of email.
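The core of such a filter can be sketched as naive Bayes over per-URL frequency tables. This is an illustrative toy under assumed names (`spam_counts`, `ham_counts`, `report`), with made-up frequencies and simple Laplace smoothing, not the authors' actual system.

```python
from collections import Counter

# Hypothetical frequency tables built from client reports:
# how often each URL has appeared in spam vs. legitimate email.
spam_counts = Counter({"cheap-pills.example": 40, "news.example": 1})
ham_counts = Counter({"news.example": 30, "family.example": 10})

def spam_probability(urls):
    """Naive Bayes with Laplace smoothing over one email's URLs."""
    spam_total = sum(spam_counts.values())
    ham_total = sum(ham_counts.values())
    p_spam, p_ham = 1.0, 1.0
    for url in urls:
        p_spam *= (spam_counts[url] + 1) / (spam_total + 2)
        p_ham *= (ham_counts[url] + 1) / (ham_total + 2)
    return p_spam / (p_spam + p_ham)

def report(urls, is_spam):
    """Client report: fold a classified email back into the tables."""
    table = spam_counts if is_spam else ham_counts
    table.update(urls)

print(spam_probability(["cheap-pills.example"]) > 0.5)  # True
print(spam_probability(["family.example"]) < 0.5)       # True
```

Because `report` keeps updating the tables, the statistics track email actually seen by clients rather than a fixed training set, which is the design's distinguishing point.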

The article explains the basics of the filter's design and presents a real-world evaluation in which the system correctly classified 73 percent of spam and more than 99 percent of legitimate email.